Portforward API

config/crd/bases/unifi.engen.priv.no_portforwards.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: portforwards.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: PortForward
+    listKind: PortForwardList
+    plural: portforwards
+    singular: portforward
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: |-
+          PortForward is a placeholder type to allow future CRD support if needed.
+          Right now, port forwards are managed entirely through annotations on Services.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+          status:
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - bases/unifi.engen.priv.no_networkconfigurations.yaml
 - bases/unifi.engen.priv.no_firewallzones.yaml
 - bases/unifi.engen.priv.no_firewallpolicies.yaml
+- bases/unifi.engen.priv.no_portforwards.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patches:

config/rbac/kustomization.yaml

@@ -22,6 +22,9 @@ resources:
 # default, aiding admins in cluster management. Those roles are
 # not used by the {{ .ProjectName }} itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
+- portforward_admin_role.yaml
+- portforward_editor_role.yaml
+- portforward_viewer_role.yaml
 - firewallpolicy_admin_role.yaml
 - firewallpolicy_editor_role.yaml
 - firewallpolicy_viewer_role.yaml

config/rbac/portforward_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over unifi.engen.priv.no.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: portforward-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get

config/rbac/portforward_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the unifi.engen.priv.no.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: portforward-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get

config/rbac/portforward_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to unifi.engen.priv.no resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: portforward-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -20,6 +20,7 @@ rules:
   - firewallpolicies
   - firewallzones
   - networkconfigurations
+  - portforwards
   verbs:
   - create
   - delete
@@ -35,6 +36,7 @@ rules:
   - firewallpolicies/finalizers
   - firewallzones/finalizers
   - networkconfigurations/finalizers
+  - portforwards/finalizers
   verbs:
   - update
 - apiGroups:
@@ -44,6 +46,7 @@ rules:
   - firewallpolicies/status
   - firewallzones/status
   - networkconfigurations/status
+  - portforwards/status
   verbs:
   - get
   - patch

config/samples/kustomization.yaml

@@ -3,4 +3,5 @@ resources:
 - unifi_v1beta1_networkconfiguration.yaml
 - unifi_v1beta1_firewallzone.yaml
 - unifi_v1beta1_firewallrule.yaml
+- unifi_v1beta1_portforward.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples

config/samples/unifi_v1beta1_portforward.yaml

@@ -0,0 +1,9 @@
+apiVersion: unifi.engen.priv.no/v1beta1
+kind: PortForward
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: portforward-sample
+spec:
+  # TODO(user): Add fields here